Archive

Curseyoukhan writes “Infosec vendor IID (Internet Identity) probably hopes that by the time 2014 rolls around no one will remember the prediction it just made. That is the year it says we will see the first murder via internet connected device. The ability to do this has been around for quite some time but the company won’t say why it hasn’t happened yet. Probably because that would have screwed up their fear marketing. CIO blogger challenges them to a $10K bet over their claim.”

darthcamaro writes “Unlike every other major browser vendor, Mozilla today does not allow users to have their private mode browser window open at the same time as a regular browser window. That’s now set to change. This is a flaw that has been in Bugzilla since 2008 and has been the subject of heated discussion for years.”

wiredmikey sends this excerpt from SecurityWeek: “A recent article on ProPublica dissected two commonly quoted figures about cybersecurity: $1 trillion in losses due to cybercrime itself and $388 million in IP losses for American companies. Both figures have been scrutinized and challenged by many, and viewed as typical security vendor FUD. … The $1 trillion figure is attributed to anti-virus vendor McAfee, while the $388 million in IP losses number belongs to Symantec’s Norton division. According to ProPublica, ‘The report was not actually researched by Norton employees; it was outsourced to a market research firm, StrategyOne, which is owned by the public relations giant Edelman.’ The problem with both of these figures — $1 trillion and $388 million — is, as Microsoft researchers pointed out earlier this year in a report fittingly titled ‘Sex, Lies, and Cybercrime,’ they are studded with outliers. In one example they cite that a single individual who claims $50,000 losses, in an N = 1000 person survey, is enough to extrapolate a $10 billion loss over the population. In another, one unverified claim of $7,500 in phishing losses translates into $1.5 billion over the population. The Microsoft researchers concluded: ‘Are we really producing cyber-crime estimates where 75% of the estimate comes from the unverified self-reported answers of one or two people? Unfortunately, it appears so. Can any faith whatever be placed in the surveys we have? No, it appears not.’”

Pieroxy writes “The W3C is proposing a set of new rules for CSS prefixing by browser vendors. This would greatly mitigate the problem caused today where vendor specific prefixing is seeing its way through production sites. The problem is so bad that some vendors are now tempted to support other browsers’ prefixing. The article also has a link to an email from Mozilla’s Henri Sivonen that does a nice job of addressing many potential issues and shortcomings of this new proposal.” I was under the impression that browser prefixes existed to allow use of experimental CSS features before standardization; just ditching the vendor prefix seems like a step backward.

An anonymous reader writes “It looks like paranoia regarding Chinese cyber-espionage is riding sky-high within the Australian Government. It was confirmed today that the country’s Attorney-General’s Department had banned Chinese networking vendor Huawei (the number two telco networking equipment vendor globally) from bidding for work supplying equipment to the government’s $50 billion National Broadband Network universal fibre project. The unprecedented move comes despite the fact that Huawei has offered to share its source code with security officials, and despite the fact that Huawei is not being accused of having broken any laws in Australia. Questions over the legality of the Government’s move are already being raised.”

oztiks writes “Lawyer Karen Sandler’s heart condition means she needs a pacemaker to ward off sudden death. Instead of trusting that the vendor will create a flawless platform for the device to operate, Sandler has demanded to see the device’s source code. Sandler’s reasoning brings into question the device’s reliability, stability, and oddly enough, security.”

snydeq writes “Two years later, Oracle’s stewardship of Java continues to raise user and vendor ire, this time due to modularization, licensing, and security concerns. ‘Plans for version 8 of Java Platform Standard Edition, which is due next year, call for inclusion of Project Jigsaw to add modular capabilities to Java. But some organizations are concerned with how Oracle’s plans might conflict with the OSGi module system already geared to Java. In the licensing arena, Canonical, the maker of Ubuntu Linux, says Oracle is no longer letting Linux distributors redistribute Oracle’s own commercial Java, causing difficulties for the company. Meanwhile, security vendor F-Secure views Java as security hindrance.’”

It has been a busy year for VMware in terms of acquisitions, following an almost equally busy 2010, when it bought SpringSource and incorporated this technology into vFabric, and Zimbra from Yahoo, which it has kept separate. Most of the 2011 buys we have covered in various posts here, but a few escaped our attention. I thought it would be a nice year-end post to review where things stand with each technology. By comparison, Google this past year acquired more than two dozen companies.

In June it bought Digital Fuel Technologies, which sells tools to measure infrastructure and apps costs mainly for financial services industries. They are now rebranded IT Finance Manager, IT Service Level Manager, and IT Vendor Manager.

Things have been quiet the rest of the year, although quite a few new products were announced around the twin VMworlds in the fall. And let’s not forget that VMware is still a subsidiary of EMC, and this year saw EMC transfer the controlling assets of online backup vendor Mozy to VMware.

There are some products that appear to have been doomed to circumstance since birth – that despite the most ambitious goals, the grandest intentions, and often the wildest strokes of luck, still manage to end up on the wrong side of public perception. No more prominent example exists in the history of software than Microsoft Silverlight, a textbook case of a platform that was never, for one moment, given the benefit of a doubt.

It did not help that its original title, circa 2006, was “Windows Presentation Foundation / Everywhere” (WPF/E), which sounded like the catch-phrase for a neoconservative protest movement. And it really didn’t help that its producer had attained a reputation for defining the Web by default, building less-than-ideal browsers and technologies and broadcasting them into ubiquitousness by tying them to Windows.

But Microsoft was out of get-out-of-jail-free cards, having worn out its welcome with Web developers with the disaster that was ActiveX. Silverlight was a double-down bet on the idea that if a technology were made accessible enough, and its performance were respectable enough, developers would adopt it because they wanted to, not because they were locked into the decision.

What it is, and what it was

It is a piece of the .NET Framework, the managed code technology upon which a great deal of distributed functionality in the enterprise depends today. (Yes, I understand the implications of the verb “depends” in this context.) Essentially, Silverlight is just enough of WPF to make a distributed application functional, and respectably so, inside or outside of the browser. It does leverage other Microsoft technology, which should never surprise anyone. Although it was programmable from the beginning using JavaScript (which Microsoft stopped calling “JScript” some years back), its principal programming language starting with version 2.0 was C#, Microsoft’s own take on object-oriented C.

Microsoft’s prior behavior mandated that Silverlight (as well as every other tech campaign from the company) should be watched with skepticism and caution. The situation that any developer should work to avoid is one where the best method for solving a problem is only attainable through a single vendor’s product. Imagine if, for example, the best way for an individual to find content, or the most attainable way for content producers to monetize their product, or the most available way to advertise that content, were through a single vendor. Why, the “open Web” would be impossible!

An early demo of a Silverlight app running on Mac OS X, from June 2007 TechEd.

That Silverlight was, to be blunt about it, not really an innovative new method but rather an alternate approach (and arguably a better one, in several respects) to a method addressed by a completely different vendor more than 90% of the time, did not seem to quell the conspiracy theorists. From moment one, Silverlight was pegged as Microsoft’s latest tack toward its old strategy of vendor lock-in – a principle eschewed by Web developers in much the same way Congressmen openly abhor pointless bickering.

Life in the margins

For such a tack to succeed in a market that was seeded against it, Silverlight needed a sign of faith from its executive leadership. It never really got it. CEO Steve Ballmer continually downplayed Silverlight as something that was nice, maybe interesting, but not critical to the company’s strategy. There were times Ballmer publicly demonstrated he knew less about the product than I did. In June 2010, he told an audience that Silverlight does not run on the iPhone, thanks to Apple. This was eight months after Microsoft gave me the first demonstration of Silverlight on iPhone, which its product manager told me was only possible on account of Apple’s direct cooperation and participation. Granted, it was never downloadable through iTunes, but after Ballmer’s little demonstration, you have to ask yourself just whose fault that was.

The problem with adopting openness as your mantra is that you must become open to that to which you’re closed. Silverlight is where, astonishingly, Microsoft succeeded and its detractors miserably failed. Rather than swallow the notion that good ideas can emerge from the “wrong” sources, some accused Moonlight of no less than “actively undermining our freedoms”, of effectively brainwashing users, of orchestrating a real-world “Invasion of the Body Snatchers” with some names you’ll recognize serving as Microsoft’s shovels, rakes, and implements of destruction.

For a few years, Microsoft’s work on Silverlight development was fast and furious, and Moonlight raced to catch up. As a result, there no longer appeared to be a devious conspiracy by Microsoft to inject Silverlight into Linux. Mono, the project to which Moonlight belongs, adopted Windows itself as one of its supported platforms, thereby nullifying the very possibility of vendor lock-in that Silverlight had earlier been accused of enabling. Yet almost immediately, the extent to which Moonlight had not yet caught up with Silverlight was called out as a devious conspiracy by Microsoft to withhold Silverlight from Linux, an effort to engineer a new garden wall for vendor lock-in, where Linux would always be one step behind.

Course correction

The emergence of Windows Phone, which should have begun Silverlight’s ascendency into ubiquitousness, instead launched its downward spiral.

In January 2010, Microsoft launched a parallel course for its mobile OS strategy, literally issuing a correction to its own statements about a future “Windows Mobile 7,” in a plan to make reporters ask about what Microsoft meant by “the future of mobile” to give it just the right opportunity to answer. Microsoft then demonstrated that Silverlight developers could build WP7 apps using the XAML resource management language they already learned for the PC. This was the first indication that Microsoft was working on a cross-platform development strategy for PC and mobile.

And what is this strategy shift about? The move by Windows 8 to WinRT is an overt, intentional effort by Microsoft, as the company freely admits, to march developers away from Silverlight, and toward an altogether new and untried apps ecosystem. That such an ecosystem was technically feasible with Silverlight was never questioned.

But if technical feasibility were the single benchmark for the viability of all Web technologies, today you would not be reading this single-column blog with a long, long scroll bar through a browser that delivers content from multiple sources using an unsecured, stateless protocol. Put another way, if all it took was to make technologies work well, the Web as we know it now wouldn’t even be here.

Leverage

For Microsoft to remain competitive through the rest of this decade, it must produce a mobile platform that customers want more than any other platform. Right now, it does not. Microsoft’s product development has always, always depended on leverage. It builds new platforms on existing ones. When Microsoft first shifted its Windows Mobile strategy to Windows Phone, it was with the idea that Silverlight might be the link that lets its mobile platform leverage its successful and substantive Windows platform. But that is not enough.

Recently, there has been active speculation that Microsoft may want to converge some elements of its Windows PC and Windows Phone platforms, perhaps just enough to enable certain classes of apps to run on both. This brings up the musical question… Duh! For Windows Phone to make sense as a Windows brand, it needs apps that cross the boundaries of Microsoft’s “four screens” (formerly three). If Windows Phone fails, conceivably Microsoft will fail, entirely. Certainly the many carriers whose faith and support are necessary to make Microsoft’s plan work, would not be satisfied with Silverlight as the leverage point for tying PC to Phone.

The notion that carriers may have nixed this earlier, Silverlight-dependent leverage scheme, as it was presented in late 2009, would explain why Microsoft’s strategy shift was so sudden, so inconsistent with its past and, thus far, so indeterminate with respect to the future. The leverage point must go both ways now; what we see on PC now must borrow more concepts from Phone, in order for the mobile platform to attain the subsidies it needs to be successful. In what many are calling the “post-PC era,” this could be the first instance where carriers are effectively dictating the content of our personal computers.

If that is indeed the case, as I strongly suspect, then there would be no more prominent an indicator that Microsoft no longer dominates computing than the incursion by wireless carriers into its once-sacrosanct PC strategy. That Silverlight should be relegated to a side note on account of a platform leverage strategy, would be a sad and ironic fate for a good technology that, for the duration of its life, was suspected by many of being a platform leverage strategy.

Diggester writes “Jailbreaking is a way to break off from the limitations imposed by the mobile vendor to download additional applications and themes etc. which aren’t available otherwise. It provides root access to the device by use of custom kernels. It is common with the iDevices and has been rendered legal by the efforts of EFF (Electronic Frontier Foundation) in July 2010. The Electronic Frontier Foundation is now determined to make Jailbreaking legal for all the consumer electric goods. They have asked the US copyright office to declare it legal to jailbreak all the devices like smartphones, tablets, gaming consoles etc. no matter who the vendor is. The aim behind this plea is to change the Digital Millennium Copyright Act (DMCA) which prohibits such an access to the user.”